Re: [gnutls-dev] PKCS#8 parser does not return ASN.1 errors properly

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-dev] PKCS#8 parser does not return ASN.1 errors properly

From:	Simon Josefsson
Subject:	Re: [gnutls-dev] PKCS#8 parser does not return ASN.1 errors properly
Date:	Sat, 26 May 2007 22:09:01 +0200
User-agent:	Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux)

(I'm cc'ing gnutls-dev... I'll ask the gnu.org people to redirect
address@hidden to this list too.)

Nate Nielsen <address@hidden> writes:

> I'm working on the gnome-keyring X509 code and trying to use gnutls for
> this. I've run into a bug:
>
> The PKCS#8 code does not return ASN.1 errors properly when parsing a
> non-PKCS#8 private key.
>
> Attached is test case, and patch.

Patch installed on 1.6.x.

I'd like to incorporate your self-test for the 1.7.x branch, though, but
that requires that you assign the copyright on the self test to the FSF.
Is that ok with you?  If so, I can send you the proper forms.

Thanks,
Simon

> Cheers,
> Nate Nielsen
> --- lib/x509/privkey_pkcs8.c.orig     2007-05-23 22:11:51.000000000 -0000
> +++ lib/x509/privkey_pkcs8.c  2007-05-23 22:12:33.000000000 -0000
> @@ -779,6 +779,7 @@
>    if (result != ASN1_SUCCESS)
>      {
>        gnutls_assert ();
> +      result = _gnutls_asn2err (result);
>        goto error;
>      }
>  
> /* gcc -g -O0 -o gnutls-test `pkg-config --libs --cflags gnutls` 
> gnutls-test-pkcs8.c */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> #include <gnutls/gnutls.h>
> #include <gnutls/x509.h>
> #include <gcrypt.h>
>
> static void
> read_file (const char *file, gnutls_datum_t *datum)
> {
>       FILE *f = fopen (file, "rb");
>       if (f) {
>               datum->data = malloc (8192);
>               datum->size = fread (datum->data, 1, 8192, f);
>       }
>       if (!f || ferror (f))
>               err (1, "couldn't read from file: %s", file);
>       fclose (f);
> }
>
> int
> main (int argc, char **argv)
> {
>       gnutls_x509_privkey_t privkey;
>       gnutls_datum_t datum;
>       int gerr;
>
>       if (argc < 2)
>               errx (1, "specify key to parse");
>
>       gcry_check_version (GCRYPT_VERSION);
>       gnutls_global_init ();
>
>       read_file (argv[1], &datum);
>                               
>       gnutls_x509_privkey_init (&privkey);
>
>       gerr = gnutls_x509_privkey_import_pkcs8 (privkey, &datum, 
>                       GNUTLS_X509_FMT_DER, "test", GNUTLS_PKCS_PLAIN);
>       printf ("parse result: %d\n", gerr);
>
>       gnutls_global_deinit ();
>       return 0;
> }

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnutls-dev] PKCS#8 parser does not return ASN.1 errors properly, Simon Josefsson <=

Prev by Date: Re: [gnutls-dev] Things to do before next stable release?
Next by Date: Re: [gnutls-dev] GnuTLS Fix: Decrypting PKCS#8 privkey with invalid password has same error as parse failure
Previous by thread: [gnutls-dev] Things to do before next stable release?
Next by thread: Re: [gnutls-dev] GnuTLS Fix: Decrypting PKCS#8 privkey with invalid password has same error as parse failure
Index(es):
- Date
- Thread